Hello, We are trying to configure the authentication extensions for the Okta identity provider and below are the steps as per the Splunk documentation.Log into Splunk Platform as an administrator level user.
From the system bar, click Settings > Authentication Methods.
Click "Configure Splunk to use SAML". The "SAML configuration" dialog box appears.
In the Script path field within the Authentication Extensions section of the "SAML configuration" dialog box , type in SAML_script_okta.py.
In the Script timeout field, type in 300s.
In the Get User Info time-to-live field, type in 3600s.
Click the Script functions field.
In the pop-up window that appears, click getUserInfo.
Under Script Secure Arguments, click Add Input.
In the Key field, type in apiKey.
In the Value field, type in the API key for your IdP.
Click "Add input" again.
In the "Key" field, type in baseUrl.
in the "Value" field, type in the URL of your Okta instance.
Click Save. Splunk Cloud Platform saves the Okta configuration and returns you to the SAML Groups page.
Could anyone confirm whether these steps will work for the Splunk OnPrem too? or it is applicable for the Splunk Cloud?
Also, as per Step (In the Value field, type in the API key for your IdP.), we have to provide the API key for the Idp, our security team is asking what permission does the Okta API token needs? any thoughts? Please advice.
Thank you!
